Bug 31431

Summary: mysql-connector-java new security issue CVE-2022-3171
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: nicolas.salguero
Version: 9   
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=30906
https://bugs.mageia.org/show_bug.cgi?id=31432
Whiteboard: MGA8TOO
Source RPM: mysql-connector-java CVE: CVE-2022-3171
Status comment:

Description David Walser 2023-01-18 19:58:24 CET 
Oracle CPU for January 2023 lists MySQL connector CVEs:
https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL

This issue is actually in protobuf, which we haven't addressed (Bug 30906).

If this package bundles protobuf, we should link it to the system one.

Mageia 8 is also affected.
David Walser 2023-01-18 19:58:38 CET

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-01-18 21:22:45 CET 
That other bug 30906 is worth a look. It needs moving.

Assigning this globally in the absence of a particular packager.

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=30906
Assignee: bugsquad => pkg-bugs

Lewis Smith 2023-01-18 21:34:34 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31432

Comment 2 Nicolas Salguero 2024-03-13 10:46:01 CET 
In fact, the problem affected mysql-connector-java and is already fixed in mysql-connector-java-8.0.33-1.mga9.

Status: NEW => RESOLVED
Summary: mysql-connector-net new security issue CVE-2022-3171 => mysql-connector-java new security issue CVE-2022-3171
Resolution: (none) => FIXED
Version: Cauldron => 9
CVE: (none) => CVE-2022-3171
Source RPM: mysql-connector-net-6.9.9-2.mga9.src.rpm => mysql-connector-java
CC: (none) => nicolas.salguero